Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Mercenary Approach To Botnets

Posted by Soulskill on from the highest-bidder-gets-your-grandma's-bank-account dept.

CowboyRobot writes "The incentives are high for many businesses and government agencies to not be too heavy handed in combating the global botnet pandemic. There's money to be had and, with each passing day, more interesting ways are being uncovered in how to package the data, and how to employ it. It used to be that the worlds of bug hunters and malware analysts were separate and far between. In the last couple of years the ability to analyze malware samples and identify exploitable vulnerabilities in them has become very important. Given that some botnets have a bigger pool of victims than many commercial software vendors have licensed customers, the value of an exploit that grants reliable remote control of a popular malware agent is rising in value. In many ways, botnets have become a golden goose to those charged with gathering intelligence on the populations of foreign entities. The bulk of the victim's data is useful for mapping populations, communication profiles, and as egress points for counter intelligence exercises. Then, given how many botnet victims there are, the probability that a few 'interesting' computers will have succumbed along the way is similarly high — providing direct insight in to a pool of high value targets."

5 of 34 comments (clear)

  1. Who needs privacy? by DavidClarkeHR · · Score: 4, Insightful

    Great. Slashdot has been subverted by the NSA ... again.

    This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

    --
    - Nec Impar Pluribus, or so I'm told.
    1. Re:Who needs privacy? by fuzzyfuzzyfungus · · Score: 3, Insightful

      It's a trifle hard to tell (which is itself a bad sign) whether this is an apologist and/or geek merc, gleefully discussing the exciting opportunities. or a dissident pointing out the absurdly dangerous situation created by a perverse inventive for 'security' entities to tolerate, or even promote, widespread insecurity...

      I don't doubt that there are people who take the former stance; but I'd like to stick up for the latter, and would argue that encouraging insecurity is a hubristic and ultimately self-defeating strategy unless you are the cheap, low-tech adversary, rather than the expensive first-world spook shop with the big, rich, tech-dependent economy behind it.

      Do spook nerds get off on how much of other people's email they can read? I don't doubt it. Are our spook nerds sure that they are so much better than everybody else's spook nerds that they can compensate for the fact that some people (like, oh, the ones they ostensibly protect...) are far more heavily exposed to the internet, and to IT system vulnerabilities in their personal, professional, and financial activities than are less heavily wired countries; but there are few to no countries so poor that they can't field at least a few modestly competent surveillance geeks.

      Why would you knowingly continue a game that everybody can play; but where only some people, you among them, have a significant stake on the table?

    2. Re:Who needs privacy? by Jah-Wren+Ryel · · Score: 3, Insightful

      This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

      Oh come on, it doesn't read like that at all. All it does is explain why the guys who are supposed to be fighting these things now have incentive to do a really bad job of fighting them. Much in the same way that NSA perverted their own mission statement by weakening crypto standards used by the US government so that they could snoop on anyone using those same crypto standards.

      --
      When information is power, privacy is freedom.
  2. Re:Look, if governments are no longer the good guy by Shakrai · · Score: 4, Insightful

    we shall treat them like the bad guys. I learned French history in school.

    Did you cover the part where the glorious revolution elevated a dictator that that united the whole of Europe against France, got hundreds of thousands of French soldiers killed, and cost France her self-determination for two or three generations? It might be satisfying to root for revolutions where the former powers-that-be get lined up and shot (or guillotined), but they never seem to end real well for the peoples involved.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  3. Is there a major difference... by Gordo_1 · · Score: 3, Insightful

    between so called 'legitimate software' and botnets these days anyway?

    Each is used to collect data that can be analyzed for profit in various ways. Legitimate software, you might argue, provides actual value to the end-user, is not surreptitiously installed and doesn't exploit software vulnerabilities. However, if that's all it takes to be legit, then witness the gobs of commercial software (not to mention greyware) out there that fit the definition of 'legit', but in actuality provide only the thinnest veneer of value behind a EULA so broad that it allows the software vendor to pretty much do as they please across your hard drive and Internet connection.